https://f-droid.org/2025/10/28/sideloading.html

F-Droid Apps Forum Docs News Issues Contribute About

What We Talk About When We Talk About Sideloading

Posted on Oct 28, 2025 by marcprux marcprux

We recently published a blog post with our reaction to the new Google
Developer Program and how it impacts your freedom to use the devices
that you own in the ways that you want. The post garnered quite a lot
of feedback and interest from the community and press, as well as
various civil society groups and regulatory agencies.

In this post, I hope to clarify and expand on some of the points and
rebut some of the counter-messaging that we have witnessed.

Google's message that "Sideloading is Not Going Away" is clear,
concise, and false

Shortly after our post was published, Google aired an episode of
their Android Developers Roundtable series, where they state
unequivocally that "sideloading isn't going anywhere". They follow-up
with a blog post:

    Does this mean sideloading is going away on Android? Absolutely
    not. Sideloading is fundamental to Android and it is not going
    away.

This statement is untrue. The developer verification decree
effectively ends the ability for individuals to choose what software
they run on the devices they own.

It bears reminding that "sideload" is a made-up term. Putting
software on your computer is simply called "installing", regardless
of whether that computer is in your pocket or on your desk. This
could perhaps be further precised as "direct installing", in case you
need to make a distinction between obtaining software the
old-fashioned way versus going through a rent-seeking intermediary
marketplace like the Google Play Store or the Apple App Store.

Regardless, the term "sideload" was coined to insinuate that there is
something dark and sinister about the process, as if the user were
making an end-run around safeguards that are designed to keep you
protected and secure. But if we reluctantly accept that "sideloading"
is a term that has wriggled its way into common parlance, then we
should at least use a consistent definition for it. Wikipedia's
summary definition is:

    the transfer of apps from web sources that are not
    vendor-approved

By this definition, Google's statement that "sideloading is not going
away" is simply false. The vendor -- Google, in the case of Android
certified devices -- will, in point of fact, be approving the source.
The supplicant app developer must register with Google, pay a fee,
provide government identification, agree to non-negotiable (and
ever-changing) terms and conditions, enumerate all their current and
future application identifiers, upload evidence of their private
signing key, and then hope and wait for Google's approval.

What this means for your rights

You, the consumer, purchased your Android device believing in
Google's promise that it was an open computing platform and that you
could run whatever software you choose on it. Instead, starting next
year, they will be non-consensually pushing an update to your
operating system that irrevocably blocks this right and leaves you at
the mercy of their judgement over what software you are permitted to
trust.

You, the creator, can no longer develop an app and share it directly
with your friends, family, and community without first seeking
Google's approval. The promise of Android -- and a marketing advantage
it has used to distinguish itself against the iPhone -- has always
been that it is "open". But Google clearly feels that they have
enough of a lock on the Android ecosystem, along with sufficient
regulatory capture, that they can now jettison this principle with
prejudice and impunity.

You, the state, are ceding the rights of your citizens and your own
digital sovereignty to a company with a track record of complying
with the extrajudicial demands of authoritarian regimes to remove
perfectly legal apps that they happen to dislike. The software that
is critical to the running of your businesses and governments will be
at the mercy of the opaque whims of a distant and unaccountable
corporation. Monocultures are perilous not just in agriculture, but
in software distribution as well.

As a reminder, this applies not just to devices that exclusively use
the Google Play Store: this is for every Android Certified device
everywhere in the world, which encompasses over 95% of all Android
devices outside of China. Regardless of whether the device owner
prefers to use a competing app store like the Samsung Galaxy Store or
the Epic Games Store, or a free and open-source app repository like
F-Droid, they will be captive to the overarching policies
unilaterally dictated by a competing corporate entity.

The place of greater safety

In promoting their developer registration program, Google purports:

    Our recent analysis found over 50 times more malware from
    internet-sideloaded sources than on apps available through Google
    Play.

We haven't seen this recent analysis -- or any other supporting
evidence -- but the "50 times" multiple does certainly sound like
great cause for distress (even if it is a surprisingly round number).
But given the recent news of "224 malicious apps removed from the
Google Play Store after ad fraud campaign discovered", we are left to
wonder whether their energies might better be spent assessing and
improving their own safeguards rather than casting vague
disparagements against the software development communities that
thrive outside their walled garden.

In addition, other recent news of over 19 million downloads of
malware from the Play Store leads us to question whether the sole
judgement of a single corporate entity can be trusted to identify and
assess malware, especially when that judgement is clouded by
commercial incentives that may not align with the well-being of their
users.

What can be done?

Google has been facing public outcry against their heavy-handed
policies for a long time, but this trend has accelerated recently.
Last year they crippled ad-blockers in Chrome and Chromium-based
browsers by forcing through their unpopular "manifest v3" requirement
for plugins, and earlier this year they closed off the development of
the Android Open Source Project (AOSP), which is how they were able
to clandestinely implement the verification infrastructure that
enforces their developer registration decree.

Developer verification is an existential threat to free software
distribution platforms like F-Droid as well as emergent commercial
competitors to the Play Store. We are witnessing a groundswell of
opposition to this attempt from both our user and developer
communities, as well as the tech press and civil society groups, but
public policymakers still need to be educated about the threat.

To learn more about what you can do as a consumer, visit
keepandroidopen.org for information on how to contact your
representative agencies and advocate for keeping the Android
ecosystem open for consumers and competition.

If you are an app developer, we recommend against signing yourself up
for Google's developer registration program at this time. We
unequivocally reject their attempt to force this program upon the
world.

Over half of all humankind uses an Android smartphone. Google does
not own your phone. You own your phone. You have the right to decide
who to trust, and where you can get your software from.

[English            ] [Change]
Find Apps

[                    ]
[Search]
Donate

F-Droid is powered by your donations!

  * Donate to our Collective
  * Donate via Liberapay
  * More Options

Connect

mastodon
@fdroidorg@floss.social

News

  * What We Talk About When We Talk About Sideloading Oct 28, 2025
  * Happy Programmer's Day and waiting for my CPU Oct 24, 2025
  * Navigating the Digital Markets Act, Digital Services Act and the
    Online Safety Act Oct 21, 2025
  * From casting to currency Oct 17, 2025
  * New ends, old beginnings Oct 09, 2025

(c) 2010-2025 F-Droid Contributors Status | Edit on GitLab